public interface ModelService
IDM Model Interface
IDM Model Interface provides unified access to the identity objects stored in the repository and on the resources. It abstracts away the details of where and how the data are stored and hides all the low-level system components.
Implementations of this interface are expected to enforce consistency of access control decisions and the model, e.g. to enforce Role-Based Access Control (RBAC). RBAC is only one of many possible models and this interface may have many implementations.
Implementations of this interface may automatically derive properties and attributes for objects. E.g. RBAC models may automatically derive resource account attributes based on user role membership.
Modifier and Type | Field and Description |
---|---|
static String | AUTZ_NAMESPACE |
static String | CLASS_NAME_WITH_DOT |
static String | COMPARE_OBJECT |
static String | COUNT_CONTAINERS |
static String | COUNT_OBJECTS |
static String | DISCOVER_CONNECTORS |
static String | EXECUTE_CHANGE |
static String | EXECUTE_CHANGES |
static String | GET_OBJECT |
static String | GET_PROPERTY_AVAILABLE_VALUES |
static String | IMPORT_ACCOUNTS_FROM_RESOURCE |
static String | IMPORT_OBJECTS_FROM_FILE |
static String | IMPORT_OBJECTS_FROM_STREAM |
static String | LIST_ACCOUNT_SHADOW_OWNER |
static String | LIST_OBJECTS |
static String | LIST_RESOURCE_OBJECT_SHADOWS |
static String | LIST_RESOURCE_OBJECTS |
static String | POST_INIT |
static String | RECOMPUTE |
static String | SEARCH_CONTAINERS |
static String | SEARCH_OBJECTS |
static String | TEST_RESOURCE |
Modifier and Type | Method and Description |
---|---|
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> | compareObject(PrismObject<T> object, Collection<SelectorOptions<GetOperationOptions>> readOptions, ModelCompareOptions compareOptions, List<ItemPath> ignoreItemPaths, Task task, OperationResult result) - TODO |
<T extends Containerable> | countContainers(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) |
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> | countObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) - Count objects. |
Set<com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorType> | discoverConnectors(com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorHostType hostType, Task task, OperationResult parentResult) - Discovers local or remote connectors. |
Collection<ObjectDeltaOperation<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType>> | executeChanges(Collection<ObjectDelta<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType>> deltas, ModelExecuteOptions options, Task task, Collection<ProgressListener> listeners, OperationResult parentResult) |
Collection<ObjectDeltaOperation<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType>> | executeChanges(Collection<ObjectDelta<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType>> deltas, ModelExecuteOptions options, Task task, OperationResult parentResult) - Execute the provided object deltas. |
PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> | findShadowOwner(String shadowOid, Task task, OperationResult parentResult) - Deprecated. |
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> | getObject(Class<T> type, String oid, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) - Returns object for provided OID. |
void | importFromResource(String resourceOid, QName objectClass, Task task, OperationResult parentResult) - Import accounts from resource. |
void | importFromResource(String shadowOid, Task task, OperationResult parentResult) - Import single account from resource. |
void | importObjectsFromFile(File input, com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType options, Task task, OperationResult parentResult) - Import objects from file. |
void | importObjectsFromStream(InputStream input, com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType options, Task task, OperationResult parentResult) - Import objects from stream. |
List<PrismObject<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType>> | listResourceObjects(String resourceOid, QName objectClass, ObjectPaging paging, Task task, OperationResult result) - Deprecated. |
void | postInit(OperationResult parentResult) - Finish initialization of the model and lower system components (provisioning, repository, etc). |
<F extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> | recompute(Class<F> type, String oid, Task task, OperationResult parentResult) - Recomputes focal object with the specified OID. |
<T extends Containerable> | searchContainers(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) - Search for "sub-object" structures, i.e. |
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> | searchObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) - Search for objects. |
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> | searchObjectsIterative(Class<T> type, ObjectQuery query, ResultHandler<T> handler, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) - Search for objects in iterative fashion (using callback). |
PrismObject<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType> | searchShadowOwner(String shadowOid, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) - Returns the Focus object representing owner of specified shadow. |
OperationResult | testResource(String resourceOid, Task task) - Test the resource connection and basic resource connector functionality. |
static final String CLASS_NAME_WITH_DOT
static final String GET_OBJECT
static final String COMPARE_OBJECT
static final String SEARCH_OBJECTS
static final String SEARCH_CONTAINERS
static final String COUNT_CONTAINERS
static final String COUNT_OBJECTS
static final String EXECUTE_CHANGES
static final String EXECUTE_CHANGE
static final String RECOMPUTE
static final String GET_PROPERTY_AVAILABLE_VALUES
static final String LIST_OBJECTS
static final String LIST_ACCOUNT_SHADOW_OWNER
static final String LIST_RESOURCE_OBJECT_SHADOWS
static final String LIST_RESOURCE_OBJECTS
static final String TEST_RESOURCE
static final String IMPORT_ACCOUNTS_FROM_RESOURCE
static final String IMPORT_OBJECTS_FROM_FILE
static final String IMPORT_OBJECTS_FROM_STREAM
static final String POST_INIT
static final String DISCOVER_CONNECTORS
static final String AUTZ_NAMESPACE
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> PrismObject<T> getObject(Class<T> type, String oid, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException
Returns object for provided OID. It retrieves the object from an appropriate source for an object type (e.g. internal repository, resource or both), merging data as necessary, processing any policies, caching mechanisms, etc. This can be influenced by using options.
Fails if object with the OID does not exist.
- type - (class) of an object to get
- oid - OID of the object to get
- options - options influencing the retrieval and processing of the object
- parentResult - parent OperationResult (in/out)
- task - Task instance. It gives context to the execution (e.g. security context)
- ObjectNotFoundException - requested object does not exist
- SchemaException - the object is not schema compliant
- CommunicationException - Communication (network) error during retrieval. E.g. error communicating with the resource
- IllegalArgumentException - missing required parameter, wrong OID format, etc.
- ClassCastException - OID represents object of a type incompatible with requested type
- SystemException - unknown error from underlying layers or other unexpected state
- SecurityViolationException
- ConfigurationException
Collection<ObjectDeltaOperation<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType>> executeChanges(Collection<ObjectDelta<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType>> deltas, ModelExecuteOptions options, Task task, OperationResult parentResult) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException
Execute the provided object deltas.
The operation executes the provided object deltas. All deltas must relate to analogous objects (e.g. user and linked accounts). The implementation may throw an error if the objects are not analogous. The implementation also implicitly links the objects (marks them as analogous) if such a link is part of the data model. E.g. the implementation links all accounts to the user if they are passed in a single delta collection. This is especially useful if the account deltas are ADD deltas without OID and therefore cannot be linked explicitly.
There must be no more than one delta for each object. The order of execution is not defined and the implementation is free to determine the correct or most suitable ordering.
The OID provided in ADD deltas may be empty. In that case the OID will be assigned by the implementation and the OIDs will be set in the deltas after the operation is completed.
Execution of ADD deltas should fail if such object already exists (if object with the provided OID already exists). Execution of MODIFY and DELETE deltas should fail if such objects do not exist.
The operation may fail if the provided OIDs are in an unusable format for the storage. Generating your own OIDs and providing them to this method is not recommended for normal operation.
There are no explicit atomicity guarantees for the operations. Some of the operations may pass, some may fail or even fail partially. The consistency of the data and state is not based on operation atomicity but rather on a data model that can "repair" inconsistencies.
The operation may fail if any of the objects to be created or modified does not conform to the underlying schema of the storage system or the schema enforced by the implementation.
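The contract above (at most one delta per object, no atomicity) leaves two checks to the caller. The following sketch is an added example, not midPoint code: the class `CheckedChangeExecutor` and its method names are hypothetical, the package names are assumed from midPoint 3.x, and `ObjectDelta.getOid()`, `ObjectDelta.isAdd()`, `ObjectDeltaOperation.getExecutionResult()` and `OperationResult.isSuccess()` are midPoint accessors that this page does not document.

```java
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.schema.ObjectDeltaOperation;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.*;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Hypothetical caller-side wrapper around ModelService.executeChanges (not part of midPoint). */
public final class CheckedChangeExecutor {

    private CheckedChangeExecutor() {
    }

    /**
     * Enforces "no more than one delta for each object" before the call.
     * ADD deltas may legitimately have no OID, so they are not compared.
     */
    static void requireOneDeltaPerObject(Collection<ObjectDelta<? extends ObjectType>> deltas) {
        Set<String> seenOids = new HashSet<>();
        for (ObjectDelta<? extends ObjectType> delta : deltas) {
            String oid = delta.getOid();
            if (oid == null || oid.isEmpty()) {
                // Assumption: only ADD deltas may omit the OID.
                if (!delta.isAdd()) {
                    throw new IllegalArgumentException("MODIFY/DELETE delta without OID");
                }
                continue;
            }
            if (!seenOids.add(oid)) {
                throw new IllegalArgumentException("More than one delta for object " + oid);
            }
        }
    }

    /**
     * Executes the deltas and returns every executed delta whose own result is
     * not a plain success. Because there is no atomicity guarantee, a normal
     * return does not mean that all deltas were applied; an empty list does.
     */
    static List<ObjectDeltaOperation<? extends ObjectType>> executeAndCollectUnconfirmed(
            ModelService model,
            Collection<ObjectDelta<? extends ObjectType>> deltas,
            ModelExecuteOptions options,
            Task task,
            OperationResult parentResult)
            throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException,
            ExpressionEvaluationException, CommunicationException, ConfigurationException,
            PolicyViolationException, SecurityViolationException {

        requireOneDeltaPerObject(deltas);

        Collection<ObjectDeltaOperation<? extends ObjectType>> executed =
                model.executeChanges(deltas, options, task, parentResult);

        List<ObjectDeltaOperation<? extends ObjectType>> unconfirmed = new ArrayList<>();
        for (ObjectDeltaOperation<? extends ObjectType> operation : executed) {
            OperationResult executionResult = operation.getExecutionResult();
            // A missing result is treated as "not confirmed" rather than as success.
            if (executionResult == null || !executionResult.isSuccess()) {
                unconfirmed.add(operation);
            }
        }
        return unconfirmed;
    }
}
```

The task passed in carries the security context, so a `SecurityViolationException` here reflects the authorizations of that task's principal, not of the calling code.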
- deltas - Collection of object deltas to execute
- options - options influencing processing of the deltas
- parentResult - parent OperationResult (in/out)
- task - Task instance. It gives context to the execution (e.g. security context)
- ObjectAlreadyExistsException - object with specified identifiers already exists, cannot add
- ObjectNotFoundException - object required to complete the operation was not found (e.g. appropriate connector or resource definition)
- SchemaException - error dealing with resource schema, e.g. created object does not conform to schema
- ExpressionEvaluationException - evaluation of expression associated with the object has failed
- CommunicationException - Communication (network) error during retrieval. E.g. error communicating with the resource
- ConfigurationException - Configuration error. E.g. misconfigured resource parameters, invalid policies, etc.
- PolicyViolationException - Policy violation was detected during processing of the object
- SecurityViolationException - Security violation during operation execution. May be caused either by midPoint internal security mechanism but also by external mechanism (e.g. on the resource)
- IllegalArgumentException - wrong OID format, etc.
- SystemException - unknown error from underlying layers or other unexpected state
Collection<ObjectDeltaOperation<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType>> executeChanges(Collection<ObjectDelta<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType>> deltas, ModelExecuteOptions options, Task task, Collection<ProgressListener> listeners, OperationResult parentResult) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException
<F extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> void recompute(Class<F> type, String oid, Task task, OperationResult parentResult) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException
- type - type (class) of an object to recompute
- oid - OID of the object to recompute
- parentResult - parent OperationResult (in/out)
- task - Task instance. It gives context to the execution (e.g. security context)
- SchemaException
- PolicyViolationException
- ExpressionEvaluationException
- ObjectNotFoundException
- ObjectAlreadyExistsException
- CommunicationException
- ConfigurationException
- SecurityViolationException
PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> findShadowOwner(String shadowOid, Task task, OperationResult parentResult) throws ObjectNotFoundException, SecurityViolationException, SchemaException, ConfigurationException
Returns the User object representing owner of specified account (account shadow).
May return null if there is no owner specified for the account.
Implements the backward "owns" association between account shadow and user. Forward association is implemented by property "account" of user object.
- shadowOid - OID of the account to look for an owner
- task - Task instance. It gives context to the execution (e.g. security context)
- parentResult - parent OperationResult (in/out)
- ObjectNotFoundException - specified account was not found
- IllegalArgumentException - wrong OID format, described change is not applicable
- SystemException - unknown error from underlying layers or other unexpected state
- SecurityViolationException
- SchemaException
- ConfigurationException
PrismObject<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType> searchShadowOwner(String shadowOid, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws ObjectNotFoundException, SecurityViolationException, SchemaException, ConfigurationException
Returns the Focus object representing owner of specified shadow.
May return null if there is no owner specified for the account.
Implements the backward "owns" association between account shadow and user. Forward association is implemented by property "account" of user object.
- shadowOid - OID of the shadow to look for an owner
- task - Task instance. It gives context to the execution (e.g. security context)
- parentResult - parent OperationResult (in/out)
- ObjectNotFoundException - specified account was not found
- IllegalArgumentException - wrong OID format, described change is not applicable
- SystemException - unknown error from underlying layers or other unexpected state
- SecurityViolationException
- SchemaException
- ConfigurationException
@Deprecated List<PrismObject<? extends com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType>> listResourceObjects(String resourceOid, QName objectClass, ObjectPaging paging, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException
Returns all resource objects of specified type that are currently available to the system.
Returns empty list if object type is correct but there are no objects of that type. The operation should fail if object type is wrong (e.g. specified type is not part of resource schema).
This method does NOT use any repository shadow objects for reference or any other business objects in the local repository. It goes directly to the resource. The returned objects (indirectly) comply with the resource schema, but they are returned re-formatted in the form of detached shadow objects. Although the form is the same as a shadow object, this is NOT really a shadow object because it is not stored in the repository (it is detached). It does NOT have an OID.
The objects are identified by whatever identification properties/attributes are defined by the resource schema.
The purpose of this operation is diagnostics. It works directly with the resource without the potential problems of underlying implementation. E.g. it may be used to test resource connectivity or correctness of resource setup. It may also be used to reach object types that are not directly supported as "shadows" by the implementation. Therefore this method is not required to implement any form of caching, queuing, reference resolution or any other "smart" algorithm.
- resourceOid - OID of the resource to fetch objects from
- objectClass - Object class of the objects to fetch
- paging - paging specification to limit operation result (optional)
- result - parent OperationResult (in/out)
- ObjectNotFoundException - specified resource object does not exist
- SchemaException - error handling resource schema
- CommunicationException - error communicating with the resource
- ConfigurationException
- SecurityViolationException
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> SearchResultList<PrismObject<T>> searchObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException
Search for objects.
Searches through all objects of a specified type. Returns a list of objects that match search criteria.
Note that this method has a very limited scaling capability as all the results are stored in memory. DO NOT USE on large datasets. Recommended usage is only with queries that cannot return a large number of results (e.g. queries for unique values) or when combined with paging capability. For other cases use searchObjectsIterative instead.
Returns empty list if object type is correct but there are no objects of that type. Fails if object type is wrong. Should fail if unknown property is specified in the query.
- type - (class) of an object to search
- query - search query
- options - options influencing the retrieval and processing of the objects
- task - Task instance. It gives context to the execution (e.g. security context)
- parentResult - parent OperationResult (in/out)
- SchemaException - unknown property used in search query
- ObjectNotFoundException - object required for a search was not found (e.g. resource definition)
- CommunicationException - Communication (network) error during retrieval. E.g. error communicating with the resource
- ConfigurationException - Configuration error. E.g. misconfigured resource parameters, invalid policies, etc.
- IllegalArgumentException - wrong query format
- SecurityViolationException
<T extends Containerable> SearchResultList<T> searchContainers(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException
- T
- type
- query
- options
- parentResult
- SchemaException
- SecurityViolationException
- ConfigurationException
- ObjectNotFoundException
<T extends Containerable> Integer countContainers(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws SchemaException, SecurityViolationException
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> SearchResultMetadata searchObjectsIterative(Class<T> type, ObjectQuery query, ResultHandler<T> handler, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException
Search for objects in iterative fashion (using callback).
Searches through all objects of a specified type. A handler is invoked for each object found.
The handler is not called at all if object type is correct but there are no objects of that type. Fails if object type is wrong. Should fail if unknown property is specified in the query.
- type - (class) of an object to search
- query - search query
- handler - callback handler that will be called for each found object
- options - options influencing the retrieval and processing of the objects
- task - Task instance. It gives context to the execution (e.g. security context)
- parentResult - parent OperationResult (in/out)
- SchemaException - unknown property used in search query
- ObjectNotFoundException - object required for a search was not found (e.g. resource definition)
- CommunicationException - Communication (network) error during retrieval. E.g. error communicating with the resource
- ConfigurationException - Configuration error. E.g. misconfigured resource parameters, invalid policies, etc.
- IllegalArgumentException - wrong query format
- SecurityViolationException
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> Integer countObjects(Class<T> type, ObjectQuery query, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException
Count objects.
Searches through all objects of a specified type and returns a count of such objects. This method is usually much more efficient than the equivalent search method. It is used mostly for presentation purposes, e.g. displaying the correct number of pages in the GUI listings.
- type - (class) of an object to search
- query - search query
- options - options influencing the retrieval and processing of the objects
- task - Task instance. It gives context to the execution (e.g. security context)
- parentResult - parent OperationResult (in/out)
- SchemaException - unknown property used in search query
- ObjectNotFoundException - object required for a search was not found (e.g. resource definition)
- CommunicationException - Communication (network) error during retrieval. E.g. error communicating with the resource
- ConfigurationException - Configuration error. E.g. misconfigured resource parameters, invalid policies, etc.
- IllegalArgumentException - wrong query format
- SecurityViolationException
OperationResult testResource(String resourceOid, Task task) throws ObjectNotFoundException
Test the resource connection and basic resource connector functionality.
This operation will NOT throw an exception if the resource connection fails. In such a case it will indicate the failure in the return message, but the operation itself succeeds. The operation fails only if the provided arguments are wrong, in case of a system error, system misconfiguration, etc.
This returns OperationResult instead of taking it as in/out argument. This is different from the other methods. The testResource method is not using OperationResult to track its own execution but rather to track the execution of resource tests (that in fact happen in provisioning).
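Because a failed connection is reported in the returned OperationResult and not as an exception, a caller that only wraps testResource in try/catch will treat a broken resource as healthy. The sketch below is an added example, not midPoint code: `ResourceTestReport` and its methods are hypothetical names, the package names are assumed from midPoint 3.x, and `OperationResult.isSuccess()`, `getSubresults()`, `getOperation()`, `getStatus()` and `getMessage()` are midPoint accessors that this page does not document.

```java
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;

import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper that turns the testResource result tree into a list of failed steps. */
public final class ResourceTestReport {

    private ResourceTestReport() {
    }

    /**
     * Runs the resource test and returns one line per test step that did not
     * end in success. An empty list means every step succeeded.
     * ObjectNotFoundException still propagates: it signals a wrong resource OID,
     * not a failed connection.
     */
    static List<String> failedSteps(ModelService model, String resourceOid, Task task)
            throws ObjectNotFoundException {
        OperationResult testResult = model.testResource(resourceOid, task);
        List<String> failures = new ArrayList<>();
        collectFailures(testResult, failures);
        return failures;
    }

    /** Depth-first walk: the individual test steps are sub-results of the returned result. */
    private static void collectFailures(OperationResult result, List<String> out) {
        if (!result.isSuccess()) {
            // Warnings and unknown states are reported too; only a plain success is skipped.
            out.add(result.getOperation() + ": " + result.getStatus()
                    + (result.getMessage() != null ? " (" + result.getMessage() + ")" : ""));
        }
        for (OperationResult subresult : result.getSubresults()) {
            collectFailures(subresult, out);
        }
    }

    /** Convenience gate for callers that must not use a resource whose test did not pass. */
    static boolean isUsable(ModelService model, String resourceOid, Task task)
            throws ObjectNotFoundException {
        return failedSteps(model, resourceOid, task).isEmpty();
    }
}
```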
- resourceOid - OID of resource to test
- ObjectNotFoundException - specified object does not exist
- IllegalArgumentException - wrong OID format
void importFromResource(String resourceOid, QName objectClass, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException
Import accounts from resource.
Invocation of this method may be switched to background.
TODO: Better description
void importFromResource(String shadowOid, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException
Import single account from resource.
TODO: Better description
void importObjectsFromFile(File input, com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType options, Task task, OperationResult parentResult) throws FileNotFoundException
- input
- task
- FileNotFoundException
void importObjectsFromStream(InputStream input, com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType options, Task task, OperationResult parentResult)
- input
- task
Set<com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorType> discoverConnectors(com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorHostType hostType, Task task, OperationResult parentResult) throws CommunicationException, SecurityViolationException, SchemaException, ConfigurationException, ObjectNotFoundException
- hostType - definition of a connector host or null
- parentResult - parent OperationResult (in/out)
- CommunicationException - error communicating with the connector host
- SecurityViolationException
- SchemaException
- ConfigurationException
- ObjectNotFoundException
void postInit(OperationResult parentResult)
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> com.evolveum.midpoint.xml.ns._public.common.api_types_3.CompareResultType compareObject(PrismObject<T> object, Collection<SelectorOptions<GetOperationOptions>> readOptions, ModelCompareOptions compareOptions, @NotNull List<ItemPath> ignoreItemPaths, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException
- T
- object
- readOptions
- compareOptions
- ignoreItemPaths
- task
- result
- SchemaException
- ObjectNotFoundException
- SecurityViolationException
- CommunicationException
- ConfigurationException
Copyright © 2016 evolveum. All rights reserved.